CVE-2013-6458
Description
Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service (libvirtd crash) via the virDomainDetachDeviceFlags command.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2013-6458
Vendor advisory: secalert@redhat.com — https://bugzilla.redhat.com/show_bug.cgi?id=1043069
Vendor advisory: secalert@redhat.com — http://secunia.com/advisories/56446
Vendor advisory: secalert@redhat.com — http://secunia.com/advisories/56186
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | fixed | 1.2.1-1 |
| debian | bullseye | fixed | 1.2.1-1 |
| debian | forky | fixed | 1.2.1-1 |
| debian | sid | fixed | 1.2.1-1 |
| debian | trixie | fixed | 1.2.1-1 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| redhat | libvirt | {"endIncluding":"1.2.0"} | |
| redhat | libvirt | 0.0.1 | |
| redhat | libvirt | 0.0.2 | |
| redhat | libvirt | 0.0.3 | |
| redhat | libvirt | 0.0.4 | |
| redhat | libvirt | 0.0.5 | |
| redhat | libvirt | 0.0.6 | |
| redhat | libvirt | 0.1.0 | |
| redhat | libvirt | 0.1.1 | |
| redhat | libvirt | 0.1.3 | |
| redhat | libvirt | 0.1.4 | |
| redhat | libvirt | 0.1.5 | |
| redhat | libvirt | 0.1.6 | |
| redhat | libvirt | 0.1.7 | |
| redhat | libvirt | 0.1.8 | |
| redhat | libvirt | 0.1.9 | |
| redhat | libvirt | 0.2.0 | |
| redhat | libvirt | 0.2.1 | |
| redhat | libvirt | 0.2.2 | |
| redhat | libvirt | 0.2.3 | |
| redhat | libvirt | 0.3.0 | |
| redhat | libvirt | 0.3.1 | |
| redhat | libvirt | 0.3.2 | |
| redhat | libvirt | 0.3.3 | |
| redhat | libvirt | 0.4.0 | |
| redhat | libvirt | 0.4.1 | |
| redhat | libvirt | 0.4.2 | |
| redhat | libvirt | 0.4.3 | |
| redhat | libvirt | 0.4.4 | |
| redhat | libvirt | 0.4.5 | |
| redhat | libvirt | 0.4.6 | |
| redhat | libvirt | 0.5.0 | |
| redhat | libvirt | 0.5.1 | |
| redhat | libvirt | 0.6.0 | |
| redhat | libvirt | 0.6.1 | |
| redhat | libvirt | 0.6.2 | |
| redhat | libvirt | 0.6.3 | |
| redhat | libvirt | 0.6.4 | |
| redhat | libvirt | 0.6.5 | |
| redhat | libvirt | 0.7.0 | |
| redhat | libvirt | 0.7.1 | |
| redhat | libvirt | 0.7.2 | |
| redhat | libvirt | 0.7.3 | |
| redhat | libvirt | 0.7.4 | |
| redhat | libvirt | 0.7.5 | |
| redhat | libvirt | 0.7.6 | |
| redhat | libvirt | 0.7.7 | |
| redhat | libvirt | 0.8.0 | |
| redhat | libvirt | 0.8.1 | |
| redhat | libvirt | 0.8.2 | |
| redhat | libvirt | 0.8.3 | |
| redhat | libvirt | 0.8.4 | |
| redhat | libvirt | 0.8.5 | |
| redhat | libvirt | 0.8.6 | |
| redhat | libvirt | 0.8.7 | |
| redhat | libvirt | 0.8.8 | |
| redhat | libvirt | 0.9.0 | |
| redhat | libvirt | 0.9.1 | |
| redhat | libvirt | 0.9.2 | |
| redhat | libvirt | 0.9.3 | |
| redhat | libvirt | 0.9.4 | |
| redhat | libvirt | 0.9.5 | |
| redhat | libvirt | 0.9.6 | |
| redhat | libvirt | 0.9.6.1 | |
| redhat | libvirt | 0.9.6.2 | |
| redhat | libvirt | 0.9.6.3 | |
| redhat | libvirt | 0.9.7 | |
| redhat | libvirt | 0.9.8 | |
| redhat | libvirt | 0.9.9 | |
| redhat | libvirt | 0.9.10 | |
| redhat | libvirt | 0.9.11 | |
| redhat | libvirt | 0.9.11.1 | |
| redhat | libvirt | 0.9.11.2 | |
| redhat | libvirt | 0.9.11.3 | |
| redhat | libvirt | 0.9.11.4 | |
| redhat | libvirt | 0.9.11.5 | |
| redhat | libvirt | 0.9.11.6 | |
| redhat | libvirt | 0.9.11.7 | |
| redhat | libvirt | 0.9.11.8 | |
| redhat | libvirt | 0.9.12 | |
| redhat | libvirt | 0.9.13 | |
| redhat | libvirt | 0.10.0 | |
| redhat | libvirt | 0.10.1 | |
| redhat | libvirt | 0.10.2 | |
| redhat | libvirt | 0.10.2.1 | |
| redhat | libvirt | 0.10.2.2 | |
| redhat | libvirt | 0.10.2.3 | |
| redhat | libvirt | 0.10.2.4 | |
| redhat | libvirt | 0.10.2.5 | |
| redhat | libvirt | 0.10.2.6 | |
| redhat | libvirt | 0.10.2.7 | |
| redhat | libvirt | 0.10.2.8 | |
| redhat | libvirt | 1.0.0 | |
| redhat | libvirt | 1.0.1 | |
| redhat | libvirt | 1.0.2 | |
| redhat | libvirt | 1.0.3 | |
| redhat | libvirt | 1.0.4 | |
| redhat | libvirt | 1.0.5 | |
| redhat | libvirt | 1.0.5.1 | |
| redhat | libvirt | 1.0.5.2 | |
| redhat | libvirt | 1.0.5.3 | |
| redhat | libvirt | 1.0.5.4 | |
| redhat | libvirt | 1.0.5.5 | |
| redhat | libvirt | 1.0.5.6 | |
| redhat | libvirt | 1.0.6 | |
| redhat | libvirt | 1.1.0 | |
| redhat | libvirt | 1.1.1 | |
| redhat | libvirt | 1.1.2 | |
| redhat | libvirt | 1.1.3 | |
| redhat | libvirt | 1.1.4 | |
References
- http://libvirt.org/news.html
- http://lists.opensuse.org/opensuse-updates/2014-02/msg00060.html
- http://lists.opensuse.org/opensuse-updates/2014-02/msg00062.html
- http://rhn.redhat.com/errata/RHSA-2014-0103.html
- http://secunia.com/advisories/56186
- http://secunia.com/advisories/56446
- http://secunia.com/advisories/60895
- http://security.gentoo.org/glsa/glsa-201412-04.xml
- http://www.debian.org/security/2014/dsa-2846
- http://www.ubuntu.com/usn/USN-2093-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1043069
- https://security-tracker.debian.org/tracker/CVE-2013-6458
CWEs
CWE-362
Verify integrity in audit chain (admin only). AS-IS.